Understanding readiness for Windows 11 with Microsoft Endpoint Manager
Published Sep 21 2021 09:00 AM
Microsoft

With the announcement of Windows 11, you might be wondering how your organization can prepare for the upgrade, as well as what you can do right now to set yourself up for success. One of the first things you’ll want to consider is using Microsoft Endpoint Manager to assess which devices in your organization meet the minimum system requirements for Windows 11.

Over the next few days, we’ll be updating the Work from anywhere report in Endpoint analytics with new Windows 11 hardware readiness insights. These changes will allow you to easily determine Windows 11 hardware readiness across your organization. Windows 11 insights will be available for all Intune-managed and co-managed devices in Endpoint analytics, as well as devices enrolled via tenant attach with Configuration Manager, version 2107 or newer.

Where to find overall Windows 11 readiness across a device estate in Microsoft Endpoint Manager

Looking at Windows 11 readiness at the individual device level in Microsoft Endpoint Manager

If you’re not yet using Endpoint analytics, or you’re using an older version of Configuration Manager, we’re also publishing a Hardware Readiness PowerShell script today as an interim solution that can help you determine if your devices meet the Windows 11 minimum system requirements.

While the script can help you get started planning for Windows 11 right away, we also encourage you to onboard to Endpoint analytics so you can benefit from additional Windows 11 insights as well as the existing features that can help you optimize the end-user experience in your organization. And if you’re using Configuration Manager, consider enabling co-management so that you can benefit from new reports and features – like Windows 11 hardware readiness insights – with no on-premises upgrades required. To learn more about Endpoint analytics, you can refer to Microsoft Docs or some of our sessions from Microsoft Ignite.

Running the Hardware Readiness script

To determine whether an individual device meets the system requirements for Windows 11, you can run the script locally from an elevated PowerShell prompt. To run the script at scale, we recommend leveraging Microsoft Endpoint Manager. While the script has been digitally signed by Microsoft, you may need to adjust the PowerShell Execution Policy on your Windows devices.

Microsoft Intune users can leverage the Intune management extension to upload the Hardware Readiness PowerShell script, and then deploy it to a target set of devices. As with any deployment, we recommend testing on a small set of devices before rolling out more broadly. Then, use Microsoft Graph explorer to access and aggregate the results of the script. The output data can be ingested into Azure Log Analytics or saved locally for you to query and visualize as desired. A step-by-step walkthrough of using this method to aggregate script results is available on the Device Management in Microsoft blog.

Organizations using Configuration Manager can use the Run Scripts feature, which provides the built-in ability to deploy and aggregate results from a PowerShell script. To learn more about this process, see the Script output section of the Microsoft Docs article, Create and run PowerShell scripts from the Configuration Manager console.

Understanding the Hardware Readiness script output

The Hardware Readiness script is meant to determine if a device meets the minimum system requirements for Windows 11, and in the case that not all requirements are met, it will highlight which hardware checks failed. Results are returned in JSON format with four key/value pairs:

  • returnCode: an integer value that represents whether the device meets the minimum system requirements for Windows 11. Possible results include:

    returnCode   Definition
    -2           FAILED TO RUN – the script encountered an error
    -1           UNDETERMINED – one or more of the hardware requirement checks failed to execute properly
    0            CAPABLE – the device meets all assessed Windows 11 hardware requirements
    1            NOT CAPABLE – the device does not meet one or more of the assessed Windows 11 hardware requirements

  • returnReason: a string value that provides a comma-separated list of the Windows 11 hardware requirements that are not met on the device. For instance, if the script is run on a device that meets all hardware requirements except the Storage requirement, returnReason would equal “Storage.” In the case that all hardware requirements are met, returnReason will be NULL. Possible results include:

    returnReason
    Storage
    Memory
    TPM
    Processor
    SecureBoot


    For a complete list of minimum system requirements for Windows 11, see Windows 11 requirements. You can also find additional details on the Windows 11 System Requirements page, including the steps you might be able to take to modify or update a Windows 10 device to make it eligible for the upgrade to Windows 11.
  • logging: a string value that provides verbose logging of the determined values for all hardware checks performed on the device.
  • returnResult: a string value that is a human-readable representation of returnCode. Possible results include: CAPABLE, NOT CAPABLE, UNDETERMINED, and FAILED TO RUN.
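
The following is an added example, not part of the original article or of the Hardware Readiness script itself: it parses the four documented fields from collected script output, checks that returnCode, returnResult and returnReason agree, and tallies which requirements (for example TPM or SecureBoot) block the most devices. The device names, the JSON strings and the helper name ConvertTo-ReadinessRecord are constructed for illustration.

```powershell
# Constructed sample data: device name -> raw script output collected from each device.
$rawResults = [ordered]@{
    'PC-001' = '{"returnCode":0,"returnReason":null,"logging":"(omitted)","returnResult":"CAPABLE"}'
    'PC-002' = '{"returnCode":1,"returnReason":"TPM, SecureBoot","logging":"(omitted)","returnResult":"NOT CAPABLE"}'
    'PC-003' = '{"returnCode":1,"returnReason":"Storage","logging":"(omitted)","returnResult":"NOT CAPABLE"}'
    'PC-004' = '{"returnCode":-1,"returnReason":null,"logging":"(omitted)","returnResult":"UNDETERMINED"}'
    'PC-005' = 'Access is denied'   # not JSON: nothing usable came back
}

# returnCode -> returnResult as documented above (string keys avoid Int32/Int64 differences).
$codeToResult = @{ '-2' = 'FAILED TO RUN'; '-1' = 'UNDETERMINED'; '0' = 'CAPABLE'; '1' = 'NOT CAPABLE' }

function ConvertTo-ReadinessRecord {   # hypothetical helper name
    param([string]$Device, [string]$Json)
    try { $r = $Json | ConvertFrom-Json -ErrorAction Stop }
    catch { $r = $null }
    if ($null -eq $r -or $null -eq $r.returnCode) {
        return [pscustomobject]@{ Device = $Device; Result = 'UNPARSEABLE'; Reasons = @(); Consistent = $false }
    }
    # returnReason is a comma-separated string, or null/empty when every check passed.
    $reasons  = @(([string]$r.returnReason -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $expected = $codeToResult[[string]$r.returnCode]
    [pscustomobject]@{
        Device     = $Device
        Result     = $r.returnResult
        Reasons    = $reasons
        # The code and its label must agree, and only NOT CAPABLE (1) should carry reasons.
        Consistent = ($null -ne $expected) -and ($expected -eq $r.returnResult) -and
                     (($reasons.Count -gt 0) -eq ($r.returnCode -eq 1))
    }
}

$records = foreach ($d in $rawResults.Keys) { ConvertTo-ReadinessRecord -Device $d -Json $rawResults[$d] }

'--- Devices per result ---'
$records | Group-Object Result | Select-Object Name, Count | Format-Table -AutoSize

'--- Failed requirements across the estate ---'
$records | ForEach-Object { $_.Reasons } | Group-Object | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

'--- Needs manual follow-up (no verdict, or fields disagree) ---'
$records | Where-Object { (-not $_.Consistent) -or ($_.Result -notin 'CAPABLE', 'NOT CAPABLE') } |
    Select-Object Device, Result | Format-Table -AutoSize
```

Devices that land in the last group have no usable verdict and should be re-run or inspected locally rather than counted as capable or not capable.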

 

Disclaimer: This Hardware Readiness PowerShell Script is not supported under any Microsoft standard support program or service and is distributed under the MIT license.



21 Comments
Silver Contributor

Thank you very much for this update and this is very helpful and many people have been looking for this ability.

I just hope this ability would have been available for on-premise solutions like Configuration Manager.

Microsoft

Hey @Reza_Ameri  - Endpoint analytics is available for ConfigMgr customers - no co-management required! Learn more at https://aka.ms/EACMOnboard. As long as you enable tenant attach, and then onboard to EA in the MEM Admin Center, you'll be good to go! (Just note that the Win11 readiness insights mentioned in this article require ConfigMgr version 2107.)

Silver Contributor

Thank you @Zach Dvorak, I am aware of this feature; what I am referring to is the ability to perform a scan on-premise. This is due to privacy concerns in certain organizations where they want all data inside their servers and locally. While I agree using Endpoint Analytics is really valuable, keeping data internally is still a concern for some organizations.

Brass Contributor

@Zach Dvorak, we're 8 days in and we still don't see the Windows 11 columns in the report. Please elaborate, we're an Intune only customer and are already on the 2109 update.

Copper Contributor

@Zach Dvorak same question as the guy above me. We only use Intune and still can't see this Windows 11 readiness overview while the Windows 11 update will go public in a few days.

Microsoft

@Jordi_K @dextraa9791 -- check again! The deployment has been rolling out over the past several days. I think it should be in all production tenants either now or within the next ~12 hours. If you're still not seeing it by the end of the week, that's when I'll want to start investigating :smile:

Copper Contributor

Downloaded, ran in Admin PowerShell, got the following very unhelpful output. Apparently, there is no exception handling in the script.

C:\users\MyName\Downloads\HardwareReadiness.ps1:468 char:47
+ if ($supportedDevices -contains $$modelOrSKUCheckLog){
+ ~~~~~~~~~~~~~~~~~~
Unexpected token 'modelOrSKUCheckLog' in expression or statement.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:468 char:47
+ if ($supportedDevices -contains $$modelOrSKUCheckLog){
+ ~~~~~~~~~~~~~~~~~~
Missing closing ')' after expression in 'if' statement.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:466 char:63
+ if ($cpuDetails.Name -match 'i7-7820hq cpu @ 2.90ghz'){
+ ~
Missing closing '}' in statement block or type definition.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:465 char:32
+ if ($null -ne $cpuDetails) {
+ ~
Missing closing '}' in statement block or type definition.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:461 char:5
+ try {
+ ~
Missing closing '}' in statement block or type definition.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:468 char:65
+ if ($supportedDevices -contains $$modelOrSKUCheckLog){
+ ~
The Try statement is missing its Catch or Finally block.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:468 char:65
+ if ($supportedDevices -contains $$modelOrSKUCheckLog){
+ ~
Unexpected token ')' in expression or statement.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:473 char:9
+ }
+ ~
Unexpected token '}' in expression or statement.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:474 char:5
+ }
+ ~
Unexpected token '}' in expression or statement.
At C:\users\MyName\Downloads\HardwareReadiness.ps1:475 char:1
+ }
+ ~
Unexpected token '}' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : UnexpectedToken

Copper Contributor

@Stephen Biggs there is an extra $ on row 468, remove it and you'll be good.

 

.ps1:468 char:47

 

Best regards,

Dennis

Brass Contributor

I have a Dell Latitude 7410 (last year's model): Fully Intune managed (TPM active etc).

 

Windows says: Not Capable

Intune says: Not Capable 

(Both without reason)

PC-Health says: Managed by your company (Duh)

 

Script says: OK! Capable.

 

:thinking_face:

Copper Contributor

Why was this script written and released with Get-WmiObject cmdlets instead of using Get-CimInstance? The Wmi cmdlets were superseded in PS 3.0, and completely deprecated after 5.1.

 

Has anyone updated the script to run in PowerShell Core environment?

 

Thanks,

John

*edited: spelling*

Copper Contributor

I have started running this in our environment as a baseline/CI in Configuration Manager. Systems with the following processors are showing as not capable because of the processor, but per Windows processor requirements Windows 11 supported Intel processors | Microsoft Docs, these processors are supported:

Intel(R) Core(TM) i5-10500T CPU @ 2.30GHz

Processor: {AddressWidth=64; MaxClockSpeed=792; NumberOfLogicalCores=12; Manufacturer=GenuineIntel; Caption=Intel64 Family 6 Model 165 Stepping 3; }. FAIL

Intel(R) Core(TM) i5-9500T CPU @ 2.20GHz

Processor: {AddressWidth=64; MaxClockSpeed=792; NumberOfLogicalCores=6; Manufacturer=GenuineIntel; Caption=Intel64 Family 6 Model 158 Stepping 10; }. FAIL
Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz

Processor: {AddressWidth=64; MaxClockSpeed=2904; NumberOfLogicalCores=8; Manufacturer=GenuineIntel; Caption=Intel64 Family 6 Model 158 Stepping 9; PlatformId 32}. FAIL

I have other systems with Intel(R) Core(TM) i5-10500T CPU @ 2.30GHz that report as capable:

Processor: {AddressWidth=64; MaxClockSpeed=2304; NumberOfLogicalCores=12; Manufacturer=GenuineIntel; Caption=Intel64 Family 6 Model 165 Stepping 3; }. PASS

 

Seems to revolve around the max clock speed but they are the same model processor in the same model of desktop computer.

 

Copper Contributor

Scratching my head over - Windows 11 Readiness Status 'Unknown',  Readiness reason - Blank.. What do I make of this in the Work from Anywhere Report. 

What do each of these Readiness Reasons denote?


 



Copper Contributor

@Windowsnoob I had a few systems reporting that way. I ran the script manually on them and it was throwing an error when querying the TPM. In each case, I updated the BIOS on the system and then they reported as capable. I believe all were HP systems, but I don’t recall the model. 

Copper Contributor

Let's get installing

Copper Contributor

The readiness script always returns a Pass for SecureBoot for me even if SecureBoot is disabled.

Might need something like below ?

 

 

try {
    # Confirm-SecureBootUEFI returns $true only when Secure Boot is enabled
    $isSecureBootEnabled = Confirm-SecureBootUEFI

    if ($isSecureBootEnabled) {
        $outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $PASS_STRING
        UpdateReturnCode -ReturnCode 0
    }
    else {
        # Secure Boot is supported but currently disabled: report FAIL
        $outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $FAIL_STRING
        UpdateReturnCode -ReturnCode 1
        $exitCode = 1
    }
}
catch [System.PlatformNotSupportedException] {
    # Handler body is not included in the post
}

 

OK, just found that it is not a requirement for Windows 11 to have SecureBoot enabled, system just needs to be capable.

https://support.microsoft.com/en-us/windows/windows-11-and-secure-boot-a8ff1202-c0d9-42f5-940f-843ab...

 

 

Copper Contributor

You can also look into the UPGRADE_EXPERIENCE_INDICATORS attribute class and SQL View v_GS_UPGRADE_EXPERIENCE_INDICATORS to create a simple Windows 11 upgrade readiness report.

Copper Contributor

I am so satisfied from your services 

Thank you so much for your time.

Copper Contributor

Hello,

I've recently discovered a problem regarding Work from anywhere report in Endpoint/intune.

It looks like not every PC in our organization is showing in the Windows 11 readiness report?
We're missing like 2/20 PCs.
How is this possible? Every PC is enrolled the same way, and looks "identical".

"Device Performance" shows everyone, but "Windows" lacks some...


 

Microsoft

I have same issue in my test Lab plus those devices aren't visible under Device Performance

Microsoft

In order for a compatibility check to be performed and the registry entry to be created under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CompatMarkers, the telemetry must be at least Basic (1).

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection:AllowTelemetry = 1

Clients where the telemetry is set to 0 do not create a registry entry.

Copper Contributor

I've run the script on our estate using our RMM tool. So far it's worked a treat, however, it's picking up the i5-1230U as not being compatible?


 

Last update: Sep 21 2021 08:36 AM